问题
如何通过命令行管理配置Windows 2008防火墙,禁用或启用Windows2008防火墙命令行,命令行禁用Windows 2008防火墙端口
解答
1、启用桌面防火墙
netsh advfirewall set allprofiles state on
2、设置默认输入和输出策略
netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound
以上是设置为允许,如果设置为拒绝使用 blockinbound,blockoutbound
3、关闭tcp协议的139端口
netsh advfirewall firewall add rule name="deny tcp 139" dir=in protocol=tcp localport=139 action=block
4、关闭udp协议的139端口
netsh advfirewall firewall add rule name="deny udp 139" dir=in protocol=udp localport=139 action=block
5、关闭tcp协议的445端口
netsh advfirewall firewall add rule name="deny tcp 445" dir=in protocol=tcp localport=445 action=block
6、关闭udp协议的445端口
netsh advfirewall firewall add rule name="deny udp 445" dir=in protocol=udp localport=445 action=block
7、使用相同的方法,依次关闭TCP协议的21、22、23、137、138、3389、5800、5900端口。
netsh advfirewall firewall add rule name="deny tcp 21" dir=in protocol=tcp localport=21 action=block
netsh advfirewall firewall add rule name="deny tcp 22" dir=in protocol=tcp localport=22 action=block
netsh advfirewall firewall add rule name="deny tcp 23" dir=in protocol=tcp localport=23 action=block
netsh advfirewall firewall add rule name="deny tcp 3389" dir=in protocol=tcp localport=3389 action=block
netsh advfirewall firewall add rule name="deny tcp 5800" dir=in protocol=tcp localport=5800 action=block
netsh advfirewall firewall add rule name="deny tcp 5900" dir=in protocol=tcp localport=5900 action=block
netsh advfirewall firewall add rule name="deny tcp 137" dir=in protocol=tcp localport=137 action=block
netsh advfirewall firewall add rule name="deny tcp 138" dir=in protocol=tcp localport=138 action=block
8、恢复初始防火墙设置
netsh advfirewall reset
9、关闭防火墙
netsh advfirewall set allprofiles state off